And do you know how I can index depending on the msg_ids? Those msg_ids mean different types of attack. Maybe it will be better if I index my logs based on their msg_id, I don't know.
@dadoonet
I do not mean that specifically. Because I get an excessive amount of logs, indexing them by msg_id would be the best way, but with the way you showed me I would index a message and not a bunch of them. Because I've passed you the way the logs arrive.